On 31/10/14 15:50, Moxie Marlinspike wrote:
> 4) Device 'A' can use a regular axolotl session to transmit existing
> message history to device 'B'.
>
"axolotl is forward-secret" doesn't mean "the entire application is forward-secret".
The fact that the device stores message history, reduces the effectiveness of having sent the message through a forward-secret scheme like axolotl - an attacker who can compromise the long-term key can just compromise the history itself.
Now, one can argue "it's harder to exfiltrate the entire message history than a few keys", especially if the message history is large. But still, this is going outside of typical "forward secrecy" concerns.
X
--
GPG: 4096R/1318EFAC5FBBDBCE
git://github.com/infinity0/pubkeys.git
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20141031/16f6f0f0/attachment.sig>